Permalink
Commits on Aug 27, 2016
  1. @covener

    Stash the cgi PID earlier in mod_cgid

    In some cases, a 2nd CGI using the same c->id can get into
    the mod_cgid handler before cleanups have been run, causing
    the new CGI pid to be used by the first CGI's cleanup function.
    
    Instead of stashing c->id in the request processing thread,
    just use it before leaving the handler to get the pid.
    
    May indirectly fix PR57771, but it must have a slightly different
    cause because stashing the conn_id slightly differently was 
    supposed to be sufficient there.
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758083 13f79535-47bb-0310-9956-ffa450edef68
    covener committed Aug 27, 2016
  2. @elukey

    Updated the changelog to reflect last commits about Last-Modified hea…

    …der handling.
    
    Added William and Jacob to the list of authors to reflect
    their participation and suggestions given in the dev@'s email thread (thanks!).
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758034 13f79535-47bb-0310-9956-ffa450edef68
    elukey committed Aug 27, 2016
  3. update after http2 backport

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758014 13f79535-47bb-0310-9956-ffa450edef68
    Stefan Eissing committed Aug 27, 2016
  4. mod_http2: using invalid header callback from nghttp2 1.14.0 onwards

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758003 13f79535-47bb-0310-9956-ffa450edef68
    Stefan Eissing committed Aug 27, 2016
  5. mod_http2: fix for stream buffer handling during shutdown

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757985 13f79535-47bb-0310-9956-ffa450edef68
    Stefan Eissing committed Aug 27, 2016
Commits on Aug 26, 2016
  1. @wrowe

    Revert to the correct APLOGNO ID for this case

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757924 13f79535-47bb-0310-9956-ffa450edef68
    wrowe committed Aug 26, 2016
  2. @wrowe

    Resync

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757923 13f79535-47bb-0310-9956-ffa450edef68
    wrowe committed Aug 26, 2016
  3. @wrowe

    Correct URL failure reporting.

    Drop the second reporting of HEAD over HTTP/0.9 requests, we short-circuit
    this early now in read_request_line() when presented anything other than
    the sole "GET" method permitted by spec.
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757921 13f79535-47bb-0310-9956-ffa450edef68
    wrowe committed Aug 26, 2016
  4. @wrowe

    First survey results, all intrinsicly bad input will be logged at the…

    … debug
    
    level, no louder. This patch intentionally dodges the Limit* constrained tests
    since administrators may shoot themselves in the foot, or be confronted with
    impossibly long cookie values, etc.
    
    Adjust the documentation to match.
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757920 13f79535-47bb-0310-9956-ffa450edef68
    wrowe committed Aug 26, 2016
  5. @covener

    add [flags] to syntax

    per http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#comment_5728
    
    split list of flags out of the massive CondPattern list.
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757838 13f79535-47bb-0310-9956-ffa450edef68
    covener committed Aug 26, 2016
  6. @elukey

    After a long discussion in dev@ I reviewed my previous commit to only…

    … warn
    
    the admins about Last-Modified header violations rather than trying
    to interpret datestrings (like the ones not in GMT).
    
    I also added explicit comments to summarize the current assumptions,
    so it will be easier for somebody in the future to modify the code.
    
    The following use cases are covered:
    1) (F)CGI backend sends a Last-Modified header not in GMT and considered in the future by httpd (like now() in the EU/Paris timezone)
    2) (F)CGI backend sends a Last-Modified header not in GMT and not considered in the future by httpd (like now() + 2 hours in the PST timezone)
    3) (F)CGI backend sends a Last-Modified header in GMT but with a datetime in the future
    
    Suggestions and opinion are really welcome.
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757818 13f79535-47bb-0310-9956-ffa450edef68
    elukey committed Aug 26, 2016
Commits on Aug 25, 2016
  1. @wrowe

    Sync

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757712 13f79535-47bb-0310-9956-ffa450edef68
    wrowe committed Aug 25, 2016
  2. @wrowe

    Correct RFC reference text (link was right)

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757711 13f79535-47bb-0310-9956-ffa450edef68
    wrowe committed Aug 25, 2016
  3. * Add missing CHANGES entry for r1757662.

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757663 13f79535-47bb-0310-9956-ffa450edef68
    Ruediger Pluem committed Aug 25, 2016
  4. * Add missing copy of hcuri and hcexpr ftom the worker to the health …

    …check worker.
    
    PR: 60038
    Submitted by: zdeno <zdeno@scnet.sk>
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757662 13f79535-47bb-0310-9956-ffa450edef68
    Ruediger Pluem committed Aug 25, 2016
  5. xforms fr

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757599 13f79535-47bb-0310-9956-ffa450edef68
    Christophe Jaillet committed Aug 25, 2016
  6. Fix some French translations in order explanations to match examples.

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757598 13f79535-47bb-0310-9956-ffa450edef68
    Christophe Jaillet committed Aug 25, 2016
  7. @wrowe

    Also catch invalid spaces between the URI <> Protocol in StrictWhites…

    …pace mode.
    
    (matching the test for the Method <> URI)
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757593 13f79535-47bb-0310-9956-ffa450edef68
    wrowe committed Aug 25, 2016
  8. @wrowe

    Rebuild all

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757590 13f79535-47bb-0310-9956-ffa450edef68
    wrowe committed Aug 25, 2016
  9. @wrowe

    Rename LenientWhitespace to UnsafeWhitespace and change StrictWhitespace

    to the default behavior, after discussion with fielding et al about the
    purpose of section 3.5. Update the documentation to clarify this.
    
    This patch removes whitespace considerations from the Strict|Unsafe toggle
    and consolidates them all in the StrictWhitespace|UnsafeWhitespace toggle.
    
    Added a bunch of logic comments to read_request_line parsing.
    
    Dropped the badwhitespace list for an all-or-nothing toggle in rrl.
    
    Leading space before the method is optimized to be evaluated only once.
    
    Toggled the request from HTTP/0.9 to HTTP/1.0 for more BAD_REQUEST cases.
    
    Moved s/[\n\v\f\r]/ / cleanup logic earlier in the cycle, to operate on
    each individual line read, and catch bad whitespace errors earlier.
    This changes the obs-fold to more efficiently condense whitespace and
    forces concatinatination with a single SP, always. Overrides are not
    necessary since obs-fold is clearly deprecated.
    
    
    
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757589 13f79535-47bb-0310-9956-ffa450edef68
    wrowe committed Aug 25, 2016
Commits on Aug 24, 2016
  1. mod_http2: give timeout goaway reason when applicable

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757540 13f79535-47bb-0310-9956-ffa450edef68
    Stefan Eissing committed Aug 24, 2016
  2. mod_http2: latest h2/state debug draft, fixes in 100-continue respons…

    …e generation
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757534 13f79535-47bb-0310-9956-ffa450edef68
    Stefan Eissing committed Aug 24, 2016
  3. mod_http2: graceful handling of open streams during graceful shutdown

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757524 13f79535-47bb-0310-9956-ffa450edef68
    Stefan Eissing committed Aug 24, 2016
Commits on Aug 23, 2016
  1. @covener

    xforms

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757290 13f79535-47bb-0310-9956-ffa450edef68
    covener committed Aug 23, 2016
  2. @covener

    more PR60024 feedback re: consistent terminology.

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757289 13f79535-47bb-0310-9956-ffa450edef68
    covener committed Aug 23, 2016
Commits on Aug 22, 2016
  1. @jchampio

    docs: rebuild

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757281 13f79535-47bb-0310-9956-ffa450edef68
    jchampio committed Aug 22, 2016
  2. @jchampio

    docs: update the "SSL Strong Encryption" how-to

    The how-to was a little behind the times. Update to modern ciphersuite
    selections, and teach the reader more about *why* certain selections and
    settings are chosen. Try to future-proof a little bit by including the
    "last-reviewed" date and pointing to Mozilla's recommendation tool.
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757280 13f79535-47bb-0310-9956-ffa450edef68
    jchampio committed Aug 22, 2016
  3. @notroj

    * modules/ssl/ssl_engine_kernel.c (ssl_callback_SessionTicket): Fail

      if RAND_bytes() fails; possible per API, although not in practice
      with the OpenSSL implementation.
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757147 13f79535-47bb-0310-9956-ffa450edef68
    notroj committed Aug 22, 2016
Commits on Aug 21, 2016
  1. @ylavic

    mod_proxy_fcgi: revert r1756187.

    rpluem: The default is disablereuse=off and the code you removed makes the
    default disablereuse=on.
    
    ylavic: so right..
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757097 13f79535-47bb-0310-9956-ffa450edef68
    ylavic committed Aug 21, 2016
  2. @wrowe

    As commented, ensure we don't flag a request as a rejected 0.9 request

    if we identified any other parsing errors and handle all 0.9 request
    errors as 400 BAD REQUEST, presuming HTTP/1.0 to deliver the error details.
    Do not report 0.9 issues as 505 INVALID PROTOCOL because the client apparently
    specified no protocol, and 505 post-dates the simple HTTP request mechanism.
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757065 13f79535-47bb-0310-9956-ffa450edef68
    wrowe committed Aug 21, 2016
  3. @wrowe
  4. ap_reclaim_child_processes() ignores its first argument

    note this in the docs, add comment
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757061 13f79535-47bb-0310-9956-ffa450edef68
    Stefan Fritsch committed Aug 21, 2016
  5. Revert "On exit, don't write to other generations' scoreboard slots"

    As we have removed the possibility to re-use used scoreboard slots in r1757031,
    we don't need this check anymore.
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757056 13f79535-47bb-0310-9956-ffa450edef68
    Stefan Fritsch committed Aug 21, 2016
  6. Rebuild.

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757050 13f79535-47bb-0310-9956-ffa450edef68
    Lucien Gentis committed Aug 21, 2016
  7. XML updates.

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757049 13f79535-47bb-0310-9956-ffa450edef68
    Lucien Gentis committed Aug 21, 2016